Hello,
I got it going.
Here's my apache configuration:
# The git.domain.com http virtual host
<VirtualHost *:80>
DocumentRoot /usr/local/www/git/repos
ServerName git.domain.com
ServerAdmin webmaster@xxxxxxxxxx
ErrorLog /var/log/git-httpd-error.log
CustomLog /var/log/git-httpd-access.log combined
# share well-known for renewal via Let's Encrypt!
Alias "/.well-known/acme-challenge" "/usr/local/www/.well-known/acme-challenge"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
</IfModule>
# deny pushing over HTTP
<LocationMatch "git-receive-pack">
Require all denied
</LocationMatch>
</VirtualHost>
# The git.domain.com https virtual host
<VirtualHost *:443>
DocumentRoot /usr/local/www/git/repos
ServerName git.domain.com
ServerAdmin webmaster@xxxxxxxxxx
ErrorLog /var/log/git-httpd-error.log
CustomLog /var/log/git-httpd-access.log combined
# Uncomment the below 2 lines when deploy http2
H2Direct on
Protocols h2 h2c http/1.1
SSLEngine on
SSLCertificateFile "/usr/local/etc/ssl/acme/domain.com/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/domain.com/privkey.pem"
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
<Directory "/usr/local/www/git/repos">
Options +ExecCGI
SSLRequireSSL
AllowOverride None
AuthType Basic
AuthName "Private Git Access"
AuthUserFile "/usr/local/etc/git-auth-file"
AuthGroupFile /usr/local/etc/htgroup-git
Require valid-user
<If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
=~ m#/git-receive-pack$#">
Require group gitwrite
</If>
</Directory>
ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
<Directory "/usr/local/libexec/git-core">
SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
SetEnv GIT_HTTP_EXPORT_ALL
# For anonymous write
#SetEnv REMOTE_USER anonymousweb
Options +ExecCGI
SSLRequireSSL
AuthType Basic
AuthName "Private Git Access"
AuthUserFile "/usr/local/etc/git-auth-file"
AuthGroupFile /usr/local/etc/htgroup-git
Require valid-user
<If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
=~ m#/git-receive-pack$#">
Require group gitwrite
</If>
</Directory>
# gitweb
Alias /gitweb "/usr/local/www/gitweb"
<Directory "/usr/local/www/gitweb">
DirectoryIndex gitweb.cgi
Options ExecCGI
AuthType Basic
AuthName "Private Gitweb Access"
AuthUserFile "/usr/local/etc/git-auth-file"
Require valid-user
<Files gitweb.cgi>
SetHandler cgi-script
</Files>
SetEnv GITWEB_CONFIG /usr/local/etc/gitweb.conf
</Directory>
</VirtualHost>
Thanks.
Dave.
On 4/7/18, Gary Aitken <apache@xxxxxxxxxxxxxxx> wrote:
> On 04/07/18 00:36, David Mehler wrote:
>
>> Does anyone have an apache 2.4 with git/gitweb setup going? I'm
>> wondering if it is possible to have I guess it would be like a double
>> url:
>>
>> https://git.domain.com/git/repos/myrepo.git
>
> It would most likely look like:
> https://git.domain.com/git/myrepo.git
>
> The /git is an alias pointing to the actual repo in httpd-vhosts.conf
> (see example below)
>
>> and that /git is an apache ScriptAlias for git-httpd-backend (can I
>> still have this functionality but drop the /git from the url?)
>
> I think the last git in the url is required
>
>> So I can clone and push changes, both operations require authentication.
>>
>> What i'd like to do now is add gitweb in to this, making it also viewable
>> on
>>
>> https://git.domain.com
>>
>> also requiring authentication.
>
> That's possible also. Both the git documentation and the apache24
> documentation discuss setup with examples, but I have no direct
> experience with it.
>
> Unless you want people accessing the site to have to add the command-
> line switch to override certificates on their git commands, you will
> need non-self-certified certificates for your server. I got mine
> via letsencrypt.
>
> I recently modified my apache 2.4 to provide access to a git repo.
> However, it is read-only; I push via ssh.
>
> The relevant parts of httpd-vhosts.conf look something like this:
>
> <VirtualHost git.your-domain.com:443>
> ServerAdmin some-guy@xxxxxxxxxxxxxxx
> DocumentRoot "/path/to/your/repo/"
> ServerName git.your-domain.com
> ErrorLog "/path/to/logs/git-error.log"
> CustomLog "/path/to/logs/git-access.log" common
> SSLEngine on
> SSLCertificateFile "/path/to/your/certs/your-public-cert.pem
> SSLCertificateKeyFile "/path/to/your/certs/private-key.pem
> SSLCertificateChainFile "/path/to/your/certs/fullchain.pem
> SetEnv GIT_PROJECT_ROOT /path/to/your/repo
> SetEnv GIT_HTTP_EXPORT_ALL
> # 20180402 Note the trailing '/' on git-http-backend
> # For some reason this is *required*, even though it is not a directory
> ScriptAlias /git/ /path/to/your/libexec/git-core/git-http-backend/
> Alias /git/ /path/to/your/repo/
> <Directory "/path/to/your/repo/">
> AllowOverride None
> Require all granted
> </Directory>
> <Directory "/path/to/your/libexec/git-core/">
> Options +ExecCGI
> Require all granted
> </Directory>
> </VirtualHost>
>
> You will also need to modify httpd.conf to make sure the needed
> add-ons are activated; can't remember what they are but they are in
> the apache and git documentation and as I recall I got log messages
> telling me what was missing on at least some of them. httpd-ssl.conf
> also needed tweaking but most of that was overridden anyway in
> httpd-vhosts.conf
>
> Gary
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|